Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rw ui tabs macro
Rw tab
titleOn-premise collector

This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.

Structure

The following directory structure should be created for being used when running the collector:

Code Block
<any_directory>
└── devo-collectors/
    └── <product_name>/
        ├── certs/
        │   ├── chain.crt
        │   ├── <your_domain>.key
        │   └── <your_domain>.crt
        ├── state/
        └── config/ 
            └── config.yaml 
Note

Replace <product_name> with the proper value.

Devo credentials

In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <product_name>/certs/. Learn more about security credentials in Devo here.

Note

Replace <product_name> with the proper value.

Editing the config.yaml file

Code Block
globals:
  debug: <enable_debug_logs>
  id: not_used
  name: o365_emt_collector
  persistence:
    type: filesystem
    config:
      directory_name: state

outputs:
  devo_1:
    type: devo_platform
    config:
      address: collector-us.devo.io
#      address: collector-eu.devo.io
      port: 443
      type: SSL
      chain: chain.crt
      cert: <devo_domain>.crt
      key: <devo_domain>.key
inputs:
  office365_exchange_message:
    id: <short_unique_id>
    enabled: <input_status>
    requests_per_second: <requests_per_second_value>
    max_historic_date_cutoff_days_back: <max_historic_date_cutoff_days_back_value>
    max_historic_date_margin_seconds: <max_historic_date_margin_seconds_value>
    credentials:
      tenant_id: <tenant_id_value>
      client_id: <client_id_value>
      client_secret: <client_secret_value>
    services:
      office365_exchange_message_service:
        request_period_in_seconds: <request_period_in_seconds_value>
        reset_persistence_auth: <reset_persistence_auth_value>
        override_time_delay_in_seconds: <override_time_delay_in_seconds_value>
Info

All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the services object.

Replace the placeholders with your required values following the description table below:

Parameter

Data type

Type

Value range / Format

Details

<enable_debug_logs>

bool

Mandatory

false / true

This will make the collector generate (or not) log messages with the DEBUG level.

<short_unique_id>

int

Mandatory

YMMDD

Use this param to give a unique id to this input service.

Note

This parameter is used to build the persistence address, do not use the same value for multiple collectors. It could cause a collision.

<input_status>

bool

Mandatory

false / true

Use this param to enable or disable the given input logic when running the collector. If the value is true, the input will be run. If the value is false, it will be ignored.

<requests_per_second_value>

int

Optional

Minimum value: 1

Customize the maximum number of API requests per second. If not used, the default setting will be used: 100000 requests/sec.

Info

This parameter should be removed if it is not used.

<max_historic_date_cutoff_days_back_value>

int

Optional

Minimum value: 1

Maximum value: 1,000,000

When the collector is initially run, it will perform a historical pulling from the current date minus the value of this parameter. The default value is 10 (the API does not allow querying more than 10 days back).

Info

This parameter should be removed if it is not used.

<max_historic_date_margin_seconds_value>

int

Optional

Minimum value: 1

Maximum value: 86,400,000,000

It happens that between when this date is calculated and when it is used, the difference might be larger than 10 days, so the request will fail. To avoid it, we establish a margin that can be configured using this parameter. Its default value is 60.

Info

This parameter should be removed if it is not used.

<tenant_id_value>

str

Mandatory

Minimum length: 1

This is the Tenant ID you copied during the Obtain the client credentials step from the Vendor setup section.

<client_id_value>

str

Mandatory

Minimum length: 1

This is the Application (client) ID you copied during the Obtain the client credentials step from the Vendor setup section.

<client_secret_value>

str

Mandatory

Minimum length: 1

This is the created secret’s Value field you copied during the Obtain the client credentials step from the Vendor setup section.

<request_period_in_seconds_value>

int

Optional

Minimum value: 1

The amount (in seconds) in which the service’s collection is scheduled.

Info

This parameter should be removed if it is not used.

<reset_persistence_auth_value>

str

Optional

Date format: YYYY-MM-DD

This parameter allows you to clear the persistence of the collector and restart the download pipeline.

Note

Updating this value will produce the lost of all persisted data and current pipelines.

Info

This parameter should be removed if it is not used.

<override_delay_in_seconds_value>

int

Optional

Minimum value: 1
Maximum value: 172,800

Because it can take up to 24 hours for an event to be available through the API, this collector requests data with a 25 hour delay. This parameter allows you to customize this delay.

Note

A value less than 25 hours could cause the loss of events in large infrastructures.

Info

This parameter should be removed if it is not used.

Download the Docker image

The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:

Collector Docker image

SHA-256 hash

collector-office365_exchange_message_tracing-2.1.01

d2a1ed59eda350a5b989a19007d691bd0d1932c7246776054fa8c15b9b6863583bbaa2f308c7023d7ec42e11390c620ff18b3e3f98957effa7e691bb3bb59132

Use the following command to add the Docker image to the system:

Code Block
gunzip -c <image_file>-<version>.tgz | docker load
Note

Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace <image_file> and <version> with a proper value.

The Docker image can be deployed on the following services:

Docker

Execute the following command on the root directory <any_directory>/devo-collectors/<product_name>/

Code Block
docker run 
--name collector-<product_name> 
--volume $PWD/certs:/devo-collector/certs 
--volume $PWD/config:/devo-collector/config 
--volume $PWD/state:/devo-collector/state 
--env CONFIG_FILE=config.yaml 
--rm 
--interactive 
--tty 
<image_name>:<version>
Note

Replace <product_name>, <image_name> and <version> with the proper values.

Docker Compose

The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/<product_name>/ directory.

Code Block
version: '3'
services:
  collector-<product_name>:
    image: <image_name>:${IMAGE_VERSION:-latest}
    container_name: collector-<product_name>
    volumes:
      - ./certs:/devo-collector/certs
      - ./config:/devo-collector/config
      - ./credentials:/devo-collector/credentials
      - ./state:/devo-collector/state
    environment:
      - CONFIG_FILE=${CONFIG_FILE:-config.yaml}

To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/<product_name>/ directory:

Code Block
IMAGE_VERSION=<version> docker-compose up -d
Note

Replace <product_name>, <image_name> and <version> with the proper values.

Rw tab
titleCloud collector

We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.

...